<?php
include ('../inicio/conectarse.php');
if (!isset($_SESSION)) {
  session_start();
}

	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$id_tipo = clean($_POST['select']);
	$nombre = clean($_POST['nombre']);
	$fecha_vencimiento = clean($_POST['telefono']);
	
	if($_SESSION['UPDATE']==0){
		//Create INSERT query
		$qry = "INSERT INTO repartidores(nombre, telefono) VALUES('$nombre','$telefono')";
		$result = mysql_query($qry);
		//Check whether the query was successful or not
		if($result) {
			header("location: ../../paginas/admin/index.php");
			exit();
		}else {
			die("Query failed");
		}
	}else{	
		$id=$_SESSION['ID'];
		$qry = "UPDATE repartidores SET nombre = '$nombre', telefono='$telefono' WHERE ID_REPARTIDOR=".$id;
	
		$result = mysql_query($qry);
		//Check whether the query was successful or not
		if($result) {
			header("location: ../../paginas/admin/index.php");
			exit();
		}else {
			die("Query failed");
		}
	}
?>